Parameter list
Presentation
The following table describes all configuration parameters. The columns are:
- Full name: description of the parameter
- Key name: every configuration parameter has a key, used by the Manager to store it in the configuration backend, or by a script to override the default value.
- Version: the version in which the parameter appeared. If "0", it has always been there (or we don't remember when)
- GUI: whether the parameter is available in the Manager GUI
- Portal, Menu, Handler, Manager, Sessions: in which Perl module the parameter is used
You can edit etc/lemonldap-ng.ini to override any of these parameters locally.
The key name can also be seen when you access the configuration backend directly (for example with an LDAP browser if you choose the LDAP configuration backend).
When a key name contains one or more /, it means that it's a multi-level hash map. For example, level1Key / level2Key will be used as:
level1Key => { level2Key => 'value' },
General parameters
Backends
Full name | Key name | Version | GUI | Portal | Menu | Handler | Manager | Sessions |
Authentication backend | authentication | 0 | Yes | X | | | | |
User backend | userDB | 0.9.3 | Yes | X | | | | |
Password backend | passwordDB | 0.9.4 | Yes | X | | | | |
Session backend | globalStorage | 0 | Yes | X | | X | | X |
Session backend options | globalStorageOptions | 0 | Yes | X | | X | | X |
Configuration backend | configStorage | 0 | No | X | | X | X | X |
Cache backend | localStorage | 0 | No | X | | X | X | |
Cache backend options | localStorageOptions | 0 | No | X | | X | X | |
Notification backend | notificationStorage | 0.9.3 | Yes | X | | | | |
Issuer backend | issuerDB | 1.0 | No | X | | | | |
Common
Full name | Key name | Version | GUI | Portal | Menu | Handler | Manager | Sessions |
Remote user (for Apache logs) | whatToTrace | 0 | Yes | X | | X | X | X |
Custom functions | customFunctions | 0.9.3 | Yes | X | | X | X | |
Headers sent | exportedHeaders | 0 | Yes | X | | X | | |
Access rules | locationRules | 0 | Yes | X | | X | | |
Portal URL | portal | 0 | Yes | X | | X | | |
Name of the cookie | cookieName | 0 | Yes | X | | X | | |
Main DNS domain | domain | 0 | Yes | X | | X | | |
CDA activation | cda | 0.9.4 | Yes | X | | X | | |
Cookie security | securedCookie | 0 | Yes | X | | | | |
Cookie expiration | cookieExpiration | 1.0 | Yes | X | | | | |
Attributes from user backend | exportedVars | 0 | Yes | X | | | | |
Local groups | groups | 0 | Yes | X | | | | |
Macros | macros | 0 | Yes | X | | | | |
Session lifetime for cronjob | timeout | 0 | Yes | (purge script) | | | | |
Syslog facility | syslog | 0.9.3 | Yes | X | | | | |
SOAP activation | Soap | 0.9.4 | Yes | X | | | | |
Attributes exported in SOAP | exportedAttr | 0.9.4 | Yes | X | | | | |
Store password in session | storePassword | 0.9.3 | Yes | X | | | | |
Notification activation | notification | 0.9.3 | Yes | X | | | | |
Trusted domains | trustedDomains | 0.9.4 | Yes | X | | | | |
Rule for session granting | grantSessionRule | 1.0 | Yes | X | | | | |
Status module | status | 0.9 | No | | | X | | |
Force HTTPS in redirection | https | 0 | Yes | | | X | | |
Force port in redirection | port | 0 | Yes | | | X | | |
Protection scheme | protection | 0 | No | | | (CGI) | X | X |
Sessions image path | imagePath | 0.9.3 | No | | | | | X |
jQuery URI | jqueryUri | 0.9.3 | No | | | | | X |
Use XForwardedFor for IP | useXForwardedForIP | 0.9.4 | No | | | | | X |
Multi values separator | multiValuesSeparator | 1.0 | No | X | | | | X |
SMTP (reset password by mail)
Full name | Key name | Version | GUI | Portal | Menu | Handler | Manager | Sessions |
SMTP server | SMTPServer | 0.9.4 | Yes | X | | | | |
Mail From address | mailFrom | 0.9.4 | Yes | X | | | | |
Regexp for random password | randomPasswordRegexp | 0.9.4 | Yes | X | | | | |
Subject for password mail | mailSubject | 0.9.4 | Yes | X | | | | |
Body for password mail | mailBody | 0.9.4 | Yes | X | | | | |
Subject for confirmation mail | mailConfirmSubject | 1.0 | Yes | X | | | | |
Body for confirmation mail | mailConfirmBody | 1.0 | Yes | X | | | | |
URL for mail reset | mailUrl | 1.0 | Yes | X | | | | |
Note: setting mailBody and mailConfirmBody will disable the use of default HTML templates.
Templates customization
Full name | Key name | Version | GUI | Portal |
Skin name | portalSkin | 1.0 | Yes | X |
Display logout module | portalDisplayLogout | 1.0 | Yes | X |
Display reset password form | portalDisplayResetPassword | 1.0 | Yes | X |
Display change password module | portalDisplayChangePassword | 1.0 | Yes | X |
Display applications list | portalDisplayAppslist | 1.0 | Yes | X |
Allow form autocompletion | portalAutocomplete | 1.0 | Yes | X |
Require old password (change) | portalRequireOldPassword | 1.0 | Yes | X |
User name session field | portalUserAttr | 1.0 | Yes | X |
Open links in new window | portalOpenLinkInNewWindow | 1.0 | Yes | X |
Authentication configuration (Portal only)
Common
Full name | Key name | Version | GUI |
Delete other session | singleSession | 1.0 | Yes |
Delete other session if IP differs | singleIP | 1.0 | Yes |
Do not allow several users for 1 IP | singleUserByIP | 1.0 | Yes |
Display other sessions | notifyOther | 1.0 | Yes |
Display deleted sessions | notifyDeleted | 1.0 | Yes |
LDAP
Full name | Key name | Version | GUI | Default |
LDAP server or Net::LDAP connection string | ldapServer | 0 | Yes |
LDAP Port | ldapPort | 0 | Yes | 389 |
LDAP search base | ldapBase | 0 | Yes | localhost |
Bind DN | managerDn | 0 | Yes | |
Bind Password | managerPassword | 0 | Yes | |
Main search filter | LDAPFilter | 0 | Yes | (&(uid=$user)(objectClass=inetOrgPerson)) |
Authentication search filter | AuthLDAPFilter | 0.9 | Yes | |
Mail search filter | mailLDAPFilter | 0.9.4 | Yes | |
Password policy control | ldapPpolicyControl | 0.9.1 | Yes | 0 |
Extended SetPassword modify | ldapSetPassword | 0.9.4 | Yes | 0 |
Groups base | ldapGroupBase | 0.8 | Yes | |
Groups objectClass | ldapGroupObjectClass | 0.9.4 | Yes | |
Groups member attribute | ldapGroupAttributeName | 0.9.4 | Yes | |
Groups member link value | ldapGroupAttributeNameUser | 0.9.4 | Yes | |
Groups name attribute | ldapGroupAttributeNameSearch | 0.9.4 | Yes | |
Activate recursive groups | ldapGroupRecursive | 1.0 | Yes | |
Group link attribute name | ldapGroupAttributeNameGroup | 1.0 | Yes | |
Change password as user | ldapChangePasswordAsUser | 1.0 | Yes | |
LDAP password encoding | ldapPwdEnc | 1.0 | Yes | utf-8 |
LDAP timeout | ldapTimeout | 1.0 | Yes | 120 |
LDAP version | ldapVersion | 1.0 | Yes | 3 |
Binary attributes | ldapRaw | 1.0 | Yes | |
DBI
Full name | Key name | Version |
Connection chain | dbiAuthChain | 1.0 |
Connection user | dbiAuthUser | 1.0 |
Connection password | dbiAuthPassword | 1.0 |
Authentication table | dbiAuthTable | 1.0 |
Login column | dbiAuthLoginCol | 1.0 |
Password column | dbiAuthPasswordCol | 1.0 |
Password hash | dbiAuthPasswordHash | 1.0 |
UserDB connection chain | dbiUserChain | 1.0 |
UserDB connection user | dbiUserUser | 1.0 |
UserDB connection password | dbiUserPassword | 1.0 |
UserDB table | dbiUserTable | 1.0 |
Mail column | dbiPasswordMailCol | 1.0 |
Pivot from user table | userPivot | 1.0 |
SSL
Full name | Key name | Version | GUI |
User field in certificate | SSLVar | 0 | Yes |
Map with LDAP attribute | SSLLDAPField | 0 | Yes |
Force SSL authentication | SSLRequire | 0 | Yes |
CAS
Full name | Key name | Version | GUI |
CAS server URL | CAS_url | 0 | Yes |
CAS login URL | CAS_loginUrl | 0 | Yes |
CAS validation URL | CAS_validationUrl | 0 | Yes |
CAS CA file | CAS_CAFile | 0 | Yes |
Remote
Full name | Key name | Version | GUI |
Remote portal | remotePortal | 0.9.4 | Yes |
Remote Session backend | remoteGlobalStorage | 0.9.4 | Yes |
Remote Session backend options | remoteGlobalStorageOptions | 0.9.4 | Yes |
Remote cookie name | remoteCookieName | 0.9.4 | No |
Proxy
Full name | Key name | Version | GUI |
Target portal URL | soapAuthService | 1.0 | Yes |
Target cookie name | remoteCookieName | 1.0 | Yes |
Target session SOAP end point | soapSessionService | 1.0 | Yes |
Liberty Alliance
Full name | Key name | Version | GUI |
SP certificate | laSP / certificate | 0.9 | No |
SP metadata (XML file) | laSP / metadata | 0.9 | No |
SP private key | laSP / privkey | 0.9 | No |
SP secret key | laSP / secretkey | 0.9 | No |
IDPs list (XML file) | laIdpsFile | 0.9 | No |
Debug activation | laDebug | 0.9 | No |
LDAP attribute in assertion | laLdapLoginAttribute | 0.9 | No |
Federation storage | laStorage | 0.9 | No |
Federation storage options | laStorageOptions | 0.9 | No |
Twitter
Full name | Key name | Version | GUI |
Twitter application key | twitterKey | 1.0 | Yes |
Twitter application secret | twitterSecret | 1.0 | Yes |
Twitter application name | twitterAppName | 1.0 | Yes |
OpenID
Full name | Key name | Version | GUI |
OpenID secret token | openIdSecret | 1.0 | Yes |
Special Handler configuration (Handler only)
Zimbra
Full name | Key name | Version | GUI |
Preauthentication key | zimbraPreAuthKey | 1.0 | Yes |
Account session key | zimbraAccountKey | 1.0 | Yes |
Account type | zimbraBy | 1.0 | Yes |
Preauthentication URL | zimbraUrl | 1.0 | Yes |
Local SSO URL pattern | zimbraSsoUrl | 1.0 | Yes |
Sympa
Full name | Key name | Version | GUI |
Shared secret | sympaSecret | 1.0 | Yes |
Mail session key | sympaMailKey | 1.0 | Yes |